Hello Patrick,

pcl-associates writes:

> Hi Carsten,
>
> Unfortunately, the issue is not limited to nslookup. Here's what I
> get when I run the same dig command you did below.

Yes, you do not get what you've expected, but the dig output gives much better information (see below).

> Evidently something isn't right because my results should match yours.
> In a separate email, Chris asked if I was using this as a forwarder or
> resolver. I am using it as an authoritative, validating, recursive
> caching dns server as described here:
> https://calomel.org/unbound_dns.html.
>

That page is a little outdated (covers Unbound 1.4.9, current is 1.4.22). Also, you are probably running Unbound as a validating, recursive caching DNS server, as Unbound is not designed to be an authoritative server (that would be a NSD or BIND 9 or PowerDNS ...). The calomel.org website just defines these DNS terms.

Could you share your "unbound.conf" with this list?

You have a forwarding server if you have configuration lines with "forward-zone:" in your configuration. Usually it is recommended *NOT* to use forwarding (instead, let your Unbound talk directly to the authoritative DNS servers in the Internet), unless you have a good reason to do so (network topology or firewall-policy).

> # dig 158.24.39.46.zen.spamhaus.org.
>
> ; <<>> DiG 9.9.4-rpz2.13269.14-P2 <<>> 158.24.39.46.zen.spamhaus.org.
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22741
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;158.24.39.46.zen.spamhaus.org. IN A
>
> ;; AUTHORITY SECTION:
> zen.spamhaus.org. 3546 IN SOA need.to.know.only. hostmaster.spamhaus.org. 1407271350 3600 600 432000 150
>
> ;; Query time: 39 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Sun Jul 27 15:52:37 CEST 2014
> ;; MSG SIZE rcvd: 122
>

Unlike with your nslookup response, which gave an IPv4 address record back, this response is actually a response saying that the requested domain name does not exist (NXDOMAIN). A very different response.

Let's try to ask one of the authoritative DNS servers for "zen.spamhaus.org". I see:

% dig 158.24.39.46.zen.spamhaus.org. @a.ns.spamhaus.org.

; <<>> DiG 9.10.0-P1 <<>> 158.24.39.46.zen.spamhaus.org. @a.ns.spamhaus.org.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22021
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;158.24.39.46.zen.spamhaus.org. IN A

;; ANSWER SECTION:
158.24.39.46.zen.spamhaus.org. 900 IN A 127.0.0.11
158.24.39.46.zen.spamhaus.org. 900 IN A 127.0.0.4

;; Query time: 26 msec
;; SERVER: 2001:7b8:3:1f:0:2:53:1#53(2001:7b8:3:1f:0:2:53:1)
;; WHEN: Sun Jul 27 19:33:46 CEST 2014
;; MSG SIZE rcvd: 79

-- 
Carsten Strotmann
Email: [email protected]
Blog: strotmann.de

_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
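
Added example (not part of the original message and not Unbound or dig code): a small Python check that parses two dig outputs and reports when the local resolver answers NXDOMAIN for a DNSBL name that the authoritative server lists, which a mail filter would silently read as "not listed". The sample texts are constructed by trimming the two dig outputs quoted in the message above; the function names and verdict strings are assumptions made for this illustration.

```python
import re

# Constructed samples: trimmed from the two dig outputs quoted in the message.
RESOLVER_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22741
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; AUTHORITY SECTION:
zen.spamhaus.org. 3546 IN SOA need.to.know.only. hostmaster.spamhaus.org. 1407271350 3600 600 432000 150
;; SERVER: 127.0.0.1#53(127.0.0.1)
"""
AUTHORITATIVE_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22021
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
158.24.39.46.zen.spamhaus.org. 900 IN A 127.0.0.11
158.24.39.46.zen.spamhaus.org. 900 IN A 127.0.0.4
;; SERVER: 2001:7b8:3:1f:0:2:53:1#53(2001:7b8:3:1f:0:2:53:1)
"""

def parse_dig(text):
    """Extract status, header flags and A records from dig's default output."""
    status = re.search(r"status: (\w+)", text).group(1)
    flags = re.search(r"flags: ([a-z ]*);", text).group(1).split()
    section, a_records = None, []
    for line in text.splitlines():
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            section = m.group(1)
        elif section == "ANSWER" and line and not line.startswith(";"):
            name, ttl, cls, rtype, rdata = line.split(None, 4)
            if rtype == "A":
                a_records.append(rdata)
    return {"status": status, "flags": flags, "a_records": a_records}

def compare(resolver, authoritative):
    """Return a one-word verdict on whether the resolver hides a listing."""
    if authoritative["status"] == "NOERROR" and authoritative["a_records"]:
        if resolver["status"] == "NXDOMAIN":
            return "MISMATCH"  # listed upstream, resolver reports "not listed"
        if sorted(resolver["a_records"]) == sorted(authoritative["a_records"]):
            return "CONSISTENT"
        return "DIFFERENT_ANSWER"
    return "NOT_LISTED" if resolver["status"] == "NXDOMAIN" else "CHECK_MANUALLY"

def verdict():
    return compare(parse_dig(RESOLVER_OUTPUT), parse_dig(AUTHORITATIVE_OUTPUT))

if __name__ == "__main__":
    print(verdict())
```

The "aa" flag in the second output marks the answer as coming from the authoritative server, while "ra" in the first marks the recursive resolver on 127.0.0.1, so a MISMATCH verdict points at the resolver path rather than at the blocklist data.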
